[syslog-ng] spoof_source not working
Chance Ellis
chance.ellis at gmail.com
Thu Oct 13 21:57:33 CEST 2005
Ok,
I copied the the Solaris 8 libnet-config file to the /tmp/foo folder on
Solaris 9. I then ran:
LD_LIBRARY_PATH=/tmp/foo:$LD_LIBRARY_PATH truss /usr/local/sbin/syslog-ng -f
/usr/local/etc/syslog-ng.conf -F &
I get the same result... Whenever I apply the spoof_source(yes) to the
config I do not get any messages forwarded to the destination. If I remove
the spoof_source(yes) messages flow but with the source IP address from the
syslog-ng server...
The truss output is quite huge! Is there any piece of the truss output that
would help me to troubleshoot this? Is libnet-config the only thing I need
or do I need something in addition to libnet-config?
Thanks for all of your help!
On 10/13/05, Balazs Scheidler <bazsi at balabit.hu> wrote:
>
> On Tue, 2005-10-11 at 22:50 -0400, Chance Ellis wrote:
> > Nate,
> >
> > Thanks for replying. I did try that but I get the same results... UDP
> > destinations work until I add the spoof_source to the destination.
> >
> > How does the spoof_source work? Does it call some external library
> > that I have the wrong version of on the Solaris9 boxes? What about
> > lex? I also ran debug on the syslog-ng runtime and it just spews a
> > bunch of senseless info. Might it be helpful if I post that?
>
> it uses libnet to generate output packets. you might try to truss
> syslog-ng as it tries to send a spoofed source packet and see what it
> does.
>
> --
> Bazsi
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20051013/b2498d35/attachment.htm
More information about the syslog-ng
mailing list